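# Salt state: firewalld zones for the external uplink, the internal LAN and
# the per-VLAN networks. Interface names and address ranges are read from
# the 'network' pillar. Every zone sets prune_* so that ports, services,
# interfaces and sources not declared in this file are removed from the
# zone when the state is applied, keeping the live firewall in step with
# what is declared here.

Configure firewalld for external interface:
  firewalld.present:
    - name: external
    # NAT for traffic leaving through the uplink interface.
    - masquerade: true
    - prune_ports: true
    - prune_services: true
    - prune_interfaces: true
    - prune_sources: true
    - interfaces:
      - "{{ pillar['network']['interface']['external'] }}"
    # Only ssh is opened towards the uplink; no other service is declared.
    - services:
      - ssh

Configure firewalld for internal network:
  firewalld.present:
    - name: internal
    - prune_ports: true
    - prune_services: true
    - prune_interfaces: true
    - prune_sources: true
    - interfaces:
      - "{{ pillar['network']['interface']['internal'] }}"
    # Source restriction: only the LAN range from the pillar is bound to this
    # zone. The pillar netmask is placed after the slash unchanged, so it must
    # be in a form firewalld accepts there (a prefix length such as 24).
    - sources:
      - "{{ pillar['network']['netaddress'] }}/{{ pillar['network']['netmask'] }}"
    - services:
      - ssh
      - dhcp
      - tftp
      - http
      - https
      - dns
      - ntp

Configure firewalld for vlan networks:
  firewalld.present:
    - name: public
    - prune_ports: true
    - prune_services: true
    - prune_interfaces: true
    - prune_sources: true
    # One vlan.<id> interface per entry in the pillar's vlan list.
    - interfaces:
      {%- for vlan in pillar['network']['vlan'] %}
      - "vlan.{{ vlan['id'] }}"
      {%- endfor %}
    # Network address of each VLAN, derived from the VLAN's host address by
    # replacing the last octet with 0. The earlier ip[0:-1] slice dropped a
    # single character, which only yields the network address when the host
    # octet is one digit (10.0.1.15 became 10.0.1.10). This derivation
    # assumes a /24 VLAN; for any other netmask the network address has to
    # be computed from the mask instead of by octet replacement.
    - sources:
      {%- for vlan in pillar['network']['vlan'] %}
      {%- set ip = vlan['address'] %}
      {%- set netmask = vlan['netmask'] %}
      - "{{ ip.rsplit('.', 1)[0] }}.0/{{ netmask }}"
      {%- endfor %}
    - services:
      - ssh
      - dhcp
      - tftp
      - http
      - https
      - dns
      - ntp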